
6680 matches found

CVE
added 2023/12/19 8:47 p.m. · 83 views

CVE-2023-48738

CVE-2023-48738 affects the Porto Theme – Functionality plugin for WordPress. The vulnerability is an SQL Injection caused by improper neutralization of specific elements, exploitable by an unauthenticated attacker. The issue applies to Porto Theme – Functionality versions before 2.12.1. Impact is...

CVSS 9.8 · AI score 8.9 · EPSS 0.00774
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/12/19 12:30 p.m. · 11 views

GHSA-67GV-XRW7-P72W Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. Phpsysinfo 3.4.3 disables the functionality by default but the users may enable the vulnerable functionality...

CVSS 6.5 · AI score 6.1 · EPSS 0.00524
Exploits: 1 · References: 5

Prion
added 2023/12/19 12:15 a.m. · 17 views

Authorization

Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9...

CVSS 7.5 · AI score 7.1 · EPSS 0.00509
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/12/19 12:00 a.m. · 2 views

PT-2023-29848 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.2; Apache Superset versions 3.0.0, 3.0.1. Description: Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import database, dashboards,...

CVSS 6.5 · AI score 7.1 · EPSS 0.01653
Exploits: 0 · References: 20

Positive Technologies
added 2023/12/18 12:00 a.m. · 3 views

PT-2023-30507 · Unknown · Mahlamusa Who Hit The Page – Hit Counter

Name of the Vulnerable Software and Affected Versions: Mahlamusa Who Hit The Page – Hit Counter versions 1.4.14.3 and earlier. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injectio...

CVSS 7.6 · AI score 7.2 · EPSS 0.00654
Exploits: 0 · References: 8

NVD
added 2023/12/16 11:15 p.m. · 26 views

CVE-2023-6885

A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETESTR leads to sql injection. The exploit has been disclosed to th...

CVSS 9.8 · EPSS 0.0066
Exploits: 1 · References: 3

OSV
added 2023/12/14 7:43 p.m. · 29 views

CVE-2023-37457 Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space...

CVSS 7.5 · AI score 8.1 · EPSS 0.01116
Exploits: 0 · References: 5

NVD
added 2023/12/12 3:15 p.m. · 21 views

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVSS 9.8 · EPSS 0.23466
Exploits: 4 · References: 1

Prion
added 2023/12/09 12:15 a.m. · 22 views

Design/Logic Flaw

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system...

CVSS 1.7 · AI score 6.7 · EPSS 0.00282
Exploits: 3 · References: 6 · Affected Software: 1

Debian CVE
added 2023/12/08 11:56 p.m. · 32 views

CVE-2023-6560

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system...

CVSS 5.5 · AI score 7.2 · EPSS 0.00282
Exploits: 3

GithubExploit
added 2023/12/08 1:45 a.m. · 261 views

Exploit for OS Command Injection in Gl-Inet Gl-Ar300M_Firmware

GL.iNet Multiple Vulnerabilities This repository contains the...

CVSS 9.8 · AI score 8.7 · EPSS 0.46966
Exploits: 10

Positive Technologies
added 2023/12/08 12:00 a.m. · 3 views

PT-2023-32720 · Unknown · Sourcecodester Simple Student Attendance System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Student Attendance System version 1.0. Description: A vulnerability was found in the SourceCodester Simple Student Attendance System, affecting an unknown functionality of the file index.php. The manipulation of the page...

CVSS 8.8 · AI score 7 · EPSS 0.00862
Exploits: 0 · References: 7

Cvelist
added 2023/12/05 11:30 a.m. · 29 views

CVE-2023-45840

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the...

CVSS 8.1 · AI score 8.5 · EPSS 0.0081
Exploits: 1 · References: 2

CNNVD
added 2023/12/05 12:00 a.m. · 2 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a data checksum error in a kernel module. Functionality is interrupted...

CVSS 7.5 · AI score 7.5 · EPSS 0.00515
Exploits: 0 · References: 4

NVD
added 2023/12/04 11:15 p.m. · 18 views

CVE-2023-40460

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

CVSS 7.1 · EPSS 0.00482
Exploits: 0 · References: 1

NVD
added 2023/12/04 11:15 p.m. · 12 views

CVE-2023-24052

An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password...

CVSS 9.8 · EPSS 0.00726
Exploits: 1 · References: 1

CVE
added 2023/12/04 10:50 p.m. · 32 views

CVE-2023-40460

CVE-2023-40460 affects the ACEManager component of ALEOS 4.16 and earlier. The vulnerability arises because ACEManager does not validate uploaded file names and types, which could allow an authenticated user to execute client-side scripts within ACEManager and alter device functionality until a ...

CVSS 7.1 · AI score 6.3 · EPSS 0.00482
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/12/04 10:50 p.m. · 22 views

CVE-2023-40460 Improper input leads to DoS

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

CVSS 7.1 · AI score 7.1 · EPSS 0.00482
Exploits: 0 · References: 1

Cvelist
added 2023/12/04 12:00 a.m. · 16 views

CVE-2023-24052

An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password...

AI score 9.9 · EPSS 0.00726
Exploits: 1 · References: 1

Positive Technologies
added 2023/12/04 12:00 a.m. · 7 views

PT-2023-7705 · Apache · Apache Ofbiz

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.10. Description: The issue is related to a pre-authentication remote code execution vulnerability in Apache OFBiz due to the presence of unmaintained XML-RPC. This vulnerability allows an attacker to execut...

CVSS 9.8 · AI score 9.8 · EPSS 0.96001
Exploits: 16 · References: 76